Method and operating system for executing programs in a multi-mode microprocessor

ABSTRACT

Improved methods and operating systems for use with a multi-mode microprocessor enable efficient operation in a multi-mode environment. Preferred embodiments for use with microprocessors which were not designed to switch from each mode to another mode enable multi-tasking of a mixture of programs written for different modes using the mode switching methods of the present invention. Frequently used portions of the operating system are stored in memory at locations which can be commonly addressed in all modes. Means for handling device drivers and interrupts in all modes are also provided. Preferred embodiments for use with computer systems using microprocessors such as the Intel 80286 include means for storing the operating system routines to maximize performance of the system in real mode. Auxiliary protection hardware and I/O masking hardware are also provided in alternate preferred embodiments to enhance protection during real mode operation of such systems. Means for handling interrupts in a mode switching environment and alternate embodiments to eliminate problems caused by hooking programs in a multi-tasking environment are also provided.

This application is a division of U.S. patent application Ser. No.064,117, filed June 18, 1987, now U.S. Pat. No. 4,825,358, which is adivision of Ser. No. 722,052 filed Apr. 10, 1985, now U.S. Pat. No.4,779,187.

TECHNICAL FIELD

This invention relates to improved methods of executing computerprograms in a multi-mode microprocessor and improved operating systemsfor use with such microprocessors.

BACKGROUND ART

Newly designed microprocessors may include enlarged memory addressingfacilities and revised architecture which result in enhancedcapabilities. When such microprocessors are used in new computersystems, they often produce computers which are functionally superior totheir predecessors due to these enhanced capabilities. Despite anyfunctional advantages a new computer may have over its predecessors, acomputer employing an improved microprocessor may not be a commercialsuccess. Computer programs, sometimes referred to as "software," aremicroprocessor specific. Therefore, when a computer employing a newmicroprocessor is introduced into the marketplace, there is generallylittle or no software which can run on it. Existing software, writtenfor previous microprocessors, is incompatible with the new computer. Asa result, sales of such new computers will often be sluggish untilconsumers see that adequate software is available for the computer.Additionally, consumers with libraries of software for existingcomputers may be reluctant to purchase new computers which would requirethem to invest in all new software. This problem is often compounded bythe fact that software writers and publishers are reluctant to producesoftware for a new microprocessor until sales of computers incorporatingthe microprocessor are sufficient to create a relatively large group ofpotential purchasers of the software. This "wait and see" attitude onthe part of both consumers and software writers can jeopardize thesuccess of a new microprocessor and computers using the microprocessor.

Designers of new microprocessors sometimes attempt to solve this problemby designing a new microprocessor such that it will operate in twomodes. In a first mode, the microprocessor will emulate a priormicroprocessor and run existing programs written for the priormicroprocessor. In a second mode, the microprocessor will make full useof its enhanced capabilities. Such a design will enable manufacturers ofcomputer systems using the microprocessor to advertise that the entirebody of existing programs written for the prior microprocessor will runon their computer, thereby (in theory) stimulating computer sales to apoint where software writers will begin to write programs designed torun in the new enhanced mode.

One such microprocessor is the Intel 80286, which is manufactured by theIntel Corporation of Santa Clara, Calif. The design and operation of theIntel 80286 is described in detail in a publication entitled "iAPX 286Programmer's Reference Manual Including the iAPX 286 NumericSupplement," which is available from the Intel Corporation and is herebyincorporated by reference.

The Intel 80286 (hereinafter "80286") operates in two modes. In a firstmode, called the "real mode," the 80286 emulates the architecture ofIntel's previous 8086, 8088 microprocessor family, which is used in theIBM PC and compatible computers, for example. Thus, computers whichincorporate the 80286 microprocessor, such as the IBM PC/AT, can runexisting 8086 programs written for the IBM PC and compatible computers.

In a second mode, called the "protected mode," the 80286 architectureprovides enlarged memory addressing capability, enhanced multi-taskingsupport features, and a sophisticated protection scheme.

Although the real mode will run existing 8086 programs, there arelimitations associated with the real mode. First, it limits the amountof physical memory which can be addressed to 1 megabyte. (In somecomputers, such as the IBM AT, the amount of physical memory availablefor programs has been further reduced to 640K.) Second, the real modedoes not provide memory relocation, a desirable feature formulti-tasking. Third, the real mode provides no memory protectionscheme, a feature needed for multi-tasking and network environmentswhere user or task interference could be devastating.

Because of the limitations of the real mode, the 80286 was not designedto allow frequent switching from one mode to the other. The 80286 isinitialized in the real mode and can be switched to the protected modeby means of an instruction provided by the 80286. No method orinstruction is provided by the 80286 to switch from protected mode toreal mode. To return to real mode from protected mode, it is necessaryto reset the microprocessor. Thus, the designers of the 80286contemplated that it would be used in one mode or the other, with realmode operation being kept separate from the protected mode operation,thereby isolating protected mode programs from the unprotectedenvironment of the real mode.

Unfortunately, such isolation is undesirable from an efficiencystandpoint. For efficient operation, the operating system, or "DOS", ofa microcomputer incorporating the 80286 should be able to run a mixtureof real and protected mode programs in a multi-tasking environment.

DISCLOSURE OF THE INVENTION

It is an object of the present invention to provide improved methods ofoperating a multi-mode microprocessor that will enable a mixture ofprograms designed to run in the various modes of the microprocessor tobe efficiently executed in a multi-tasking environment.

It is another object of the present invention to provide such methodsthat will, in alternate preferred embodiments, maximize the capabilitiesof the individual operating modes.

It is another object of the present invention to provide such methodsthat will only require the addition of minimal hardware to existingsystems.

It is another object of this invention to provide an improved operatingsystem for computers using multi-mode microprocessors.

It is another object of the present invention to provide, in alternatepreferred embodiments, an improved system design for use with multi-modemicroprocessors having a protected mode and an unprotected mode thatwill provide enhanced protection when operating in the unprotected mode.

It is another object of this invention to provide preferred embodimentsof such methods which will enhance the multi-tasking capability ofmicroprocessors such as the Intel 80286.

It is another object of the present invention to provide preferredmethods designed for use with computers such as the IBM PC/AT whichutilize the Intel 80286 which will optimize the operation of suchcomputers in a multi-tasking, mode switching environment.

These and other objects of the invention, which will become moreapparent as the invention is described more fully below, are obtained byproviding an improved method of switching modes to execute a mixture ofprograms in a multi-mode microprocessor. In preferred embodiments of thepresent invention designed for use with microprocessors which must bereset to switch from some modes to others, mode switching is preferablyperformed by activating the reset hardware in as efficient a manner aspossible. After the microprocessor is reset, improved boot-up softwarewill determine whether the reset was triggered under software control(indicating a mode switching reset), in which case the normalinitialization routines of the boot-up software are bypassed. Duringreset procedures, special provisions are preferably made to handledirect memory access and interrupts.

Preferred embodiments of the present invention preferably include atleast portions of the operating system, including device drivers andinterrupt service routines, that can be executed in all modes. Formicroprocessors wherein a common method of memory addressing is not usedin all modes, alternate preferred embodiments of the present inventionprovide an improved method of selecting the base addresses for theoperating system subroutines to enable multi-mode addressing. Apreferred embodiment designed for use with the Intel 80286 andmicroprocessors with similar architecture includes the steps ofselecting real memory segment base values that are in a formatcompatible with the protected mode mapping architecture and configuringthe protected mode descriptor tables to produce a resulting base addressidentical to that obtained in real mode. Device drivers, interruptservice routines, and portions of the operating system that arefrequently used in both modes are thus placed in real memory atlocations selected in this manner.

Preferred embodiments for use with the Intel 80286 microprocessor alsopreferably include an operating system subroutine that will examine theaddress of the I/O location designated by a device driver and produce a32-bit (segment:offset) pointer which will address the desired memorylocation in the current mode. When the system is in protected mode, thesubroutine will program the GDT or LDT to achieve this result. When thesystem is in real mode, the subroutine will preferably generate realmode addresses using internal diagnostic instructions to cause the 80286to address memory locations above 1 megabyte although in real mode.Alternately, information intended for storage at memory addresses above1 megabyte can be temporarily stored in a buffer at addresses below 1megabyte while the system is in real mode, and then transferred to thedesired memory location above 1 megabyte when the system switches toprotected mode.

Preferred embodiments for use with the Intel 80286 microprocessor alsopreferably include steps which are designed to eliminate compatibilityproblems between 8086 programs and the 80286. Depending upon the natureof the system, software modifications or the addition of an auxiliaryhardware element to disable the effect of address line A20 are provided.

Preferred embodiments include means for handling existing real modeprograms which store the address of their own interrupt handlingroutines into the hardware interrupt vector table. Special code enablesthe DOS to mode switch to real mode as required by such interrupthandler routines and switch back to protected mode to continue executionof the interrupted program.

Alternate preferred embodiments designed for use with programs that hookinterrupt vectors include means for eliminating the problems caused bysuch programs in a multi-tasking environment. The DOS includes adispatcher that monitors the hardware vector table to detect hooks byapplication programs and transfers control to the interrupt handlerroutines of such application programs at appropriate times. In onepreferred embodiment, interrupt vectors are moved to new locationswithin the hardware interrupt table to facilitate operation of thedispatcher.

Alternate preferred embodiments may also include techniques forenlarging the amount of memory available to programs in the real mode.First, 64K of the DOS is positioned in memory at location 1 megabyte.Additionally, portions of the DOS which are comparatively large andinfrequently used or relatively slow are placed in memory above 1megabyte and used only in protected mode. The mode switching techniquesof the present invention enable such DOS code to be accessed by realmode programs by switching into and out of protected mode as necessaryto perform the requested operation.

Auxiliary protection hardware may also be provided in alternatepreferred embodiments to provide enhanced protection when running realmode programs. I/O masking hardware can be provided to check each I/Ooperation attempted by the CPU against a list of valid I/O addresses.Memory protection hardware can also be provided to check each memoryoperation attempted by the CPU against a list of authorized addressesstored in an auxiliary RAM.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a schematic representation of the real mode memory addressprocedure of an 80286 microprocessor.

FIG. 2 is a schematic representation of the segment selector format foran 80286 microprocessor in protected mode.

FIG. 3 is a schematic representation of the method in which a virtualaddress in an 80286 microprocessor is translated to a physical address.

FIG. 4 is a schematic representation of the format of a segmentdescriptor from a descriptor table in the protected mode of the 80286microprocessor.

FIG. 5 is a schematic representation of the format of a protected modesegment selector component designating global address space.

FIG. 6 is a schematic representation of the real mode interpretation ofthe segment selector of FIG. 5.

FIG. 7 is a schematic representation of the method of the presentinvention for obtaining common physical memory addresses in real andprotected mode from a given (segment:offset).

FIG. 8 is a schematic diagram illustrating the method by which anexisting operating system handles interrupts with no applicationprograms present.

FIG. 9 is a schematic diagram illustrating the method by which anexisting operating system handles an interrupt with one applicationprogram including an interrupt handler routine present.

FIG. 10 is a schematic diagram illustrating the method by which anexisting operating system handles an interrupt when two applicationprograms including interrupt handler routines are present.

FIG. 11 illustrates schematically the effect of termination of thesecond application program in a chain of two application programsincluding interrupt handler routines.

FIG. 12 illustrates schematically the effect of termination of the firstapplication program in a chain of two application programs includinginterrupt handler routines.

FIG. 13 illustrates schematically the improved method of the presentinvention for handling vector interrupts.

FIG. 14 is a schematic illustration of the method of FIG. 13,illustrating the operation of the dispatcher when the first applicationprogram of a two cation chain terminates.

FIG. 15 illustrates schematically the improved method of locating anoperating system in memory in accordance with the present invention.

FIG. 16 is a flow chart illustrating the logic of the dispatcher in afirst preferred embodiment of an improved interrupt handler method ofthe present invention.

FIG. 17 is a schematic diagram illustrating the operation of a secondpreferred embodiment of an improved interrupt handler method of thepresent invention.

BEST MODE FOR CARRYING OUT THE INVENTION

The present invention is perhaps best understood with reference topreferred embodiments designed for implementation with the Intel 80286microprocessor. The present invention enables a mixture of real mode andprotected mode programs to be run on the 80286 without loss ofperformance. Programs written in both modes are loaded into an 80286system and executed as required using an improved multi-taskingoperating system that includes means for switching modes of the 80286 asrequired by the currently executing program. Additional means arepreferably provided to maximize the performance of the system. Theinitial operating steps of the present invention will be describedfirst, followed by the mode switching techniques and steps deigned toincrease efficiency of operation and eliminate compatibility problems.Finally, alternate preferred embodiments utilizing additional hardwareto provide enhanced protection when running real mode programs aredescribed.

Application programs that will be run on a system incorporating an 80286are typically loaded into the main memory of the system from anauxiliary storage device, such as a magnetic disk. Each program writtenfor the 80286 includes a indicator or "flag" that designates whether theprogram is designed to run in real mode or protected mode. As eachprogram is loaded into the main memory, the operating system willpreferably determine whether it is a real or or protected mode programand store he program accordingly within the main memory. For reasonswhich will become apparent as the remainder of the best mode isdescribed below, real mode programs are preferably stored at memoryaddresses below 1 megabyte and protected mode programs are preferablystored at memory locations above 1 megabyte when using the methods ofthe present invention.

When each program is loaded into the main memory of the system, a recordis created which includes information such as the name, size, memorylocation, and type (real or protected) of the program. At the time ofexecution, an operating system in accordance with the present inventionwill check the program type and the current mode of the microprocessor,and will generate a mode switch, if required, in the manner describedbelow.

Mode Switching

When the 80286 is first activated, it is initialized in real mode.Switching from real mode to protected mode is accomplished by means ofan instruction provided by the 80286 for this purpose. In the presentinvention, switching from protected mode to real mode is accomplished asfollows:

First, the microprocessor is reset. Because the 80286 provides no methodto switch from protected mode to real mode, it is necessary to reset themicroprocessor in order to return to real mode from protected mode. Theactual reset signal is generated by hardware elements designed for thatpurpose. Activation of the reset signal can be accomplished by a varietyof techniques. For example, the reset signal can be generated using anI/O port to signal the reset hardware and cause a CPU reset to begenerated. Although such a technique is the standard method contemplatedto accomplish a reset in most 80286 systems, it has been found that insome computers incorporating the 80206, such as the IBM PC/AT, use ofsuch a technique is relatively slow. Consequently, when using the methodof the present invention in conjunction with an IBM PC/AT computer, itis preferred that the reset be accomplished by generating a "triplefault" in protected mode. A triple fault is generated by intentionallycommitting three separate protection violations in protected mode. Anauxiliary monitoring circuit, such as is found on the IBM PC/AT, can beprovided to monitor the 80286, detect a triple fault condition, andcause the reset hardware to be activated upon occurrence of the triplefault condition. Under such conditions, a reset of the CPU occursseveral hundred microseconds faster than a reset generated using the I/Oport.

The reset signal is typically fed to the system clock generation chip sothat the signal is properly synchronized with the system clock. Thissoftware-commanded reset signal is normally not sent to the "generalsystem reset" line or to other chips, such as an interrupt controller, adevice controller chip, or the80287 co-processor (if present).

After the 80286 is reset, it begins to execute at a special chip resetaddress. This address usually corresponds to ROM which contains theboot-up software. Thus, when the microprocessor is reset, it willnormally go directly to its initialization or boot-up routines. Whenswitching from protected mode back to real mode, however, it is notnecessary or desirable to reinitialize the entire microprocessor.Consequently, the code of the boot-up software is modified so thatbefore it proceeds with the normal boot-up process, it checks to see ifthe reset was explicitly triggered under software control (indicatingthat mode switching is taking place) or was triggered by an externalhardware-related event, such as power-up. Various methods can beemployed to make this determination. The operating system can place aspecial value or pattern of special values in volatile RAM. If theboot-up software detects such a value or pattern of values, it will knowthat the processor was previously activated and mode switching is takingplace. If non-volatile RAM exists, a location could be reserved for a"mode switch reset" flag which can be queried by the boot-up software todetermine whether mode switching is taking place. A hardware latch whichis set by a hardware-generated reset and cleared by a software-generatedreset could be used. This latch could be interrogated by the boot-upsoftware, by means of an I/O port, for example, and is preferred in manysystems as it provides a fail-safe means of detecting mode-switchingresets.

While the 80286 is being reset, the remainder of the system can continueto function. RAM locations will not be damaged by the process. Becausethe rest of the system can continue to operate, two precautions may benecessary during reset. First, it may be necessary to make sure that nodirect memory access operations are in progress, depending on the designof the direct memory access facility, because the 80286 may fail toproperly perform bus grant operations while being reset.

The second precaution that must be taken during resetting of the 80286relates to interrupt handling. It is necessary that interrupts bedisabled during the reset process and that no interrupt be lost. If thesystem uses edge-triggered interrupts, there must be hardware toremember the incoming interrupt. In the preferred methods describedherein, a programmable interrupt controller, such as the Intel 8259, ispreferably used in the system. In such a system, maskable interrupts areheld off during mode switching by programming the 8259 mask register tohold off interrupts. It is also believed that the same result can beachieved using the CLI (Clear Interrupt Flag) instruction of the 80286to disable interrupts.

Mode Switching Efficiency

For mode switching to be practical in an operating system environment,it must not slow the general operation of the system. It is thereforedesirable that the operating system be written so that it can execute inboth modes. If the operating system were written so that it could onlyexecute in one mode, it would force programs running in the other modeto mode switch to and from the other mode during a system call. For thisreason, all or most of the operating system in preferred embodiments ofthe present invention is written in such a fashion that it can beexecuted in both real mode and protected mode. Additionally, becausemode switching to take I/O interrupts would degrade the performance ofthe system, interrupt service routines should be written, wheneverpossible, to be runable in either mode. Device drivers are alsopreferably capable of running in both modes as a mode switch may occurbetween the time a task requests an I/O operation utilizing a devicedriver and the time that the device driver routine runs on theprocessor.

The architecture of the 80286 creates special problems when attemptingto design an operating system which will execute in real and protectedmodes because each mode uses a different method of memory addressing.Consequently, a given memory address will normally designate onelocation in the physical memory of an 80286 system in real mode andanother location in the physical memory of an 80286 system in protectedmode. Thus, an operating system would normally need to maintain twoaddresses (real and protected) for each memory object to enableoperation in both modes. Such a requirement burdens the operating systemand creates problems with procedure calls which have memory addressesbuilt into them. The present invention solves this problem by providingan improved method of locating the operating system routines such thatthey can be commonly addressed in real and protected mode. Anexplanation of this method is best prefaced by an explanation of thememory addressing methods employed in the real mode and the protectedmode.

In the real mode, the 80286 emulates the memory addressing methods of an8086 processor. All memory addressing is performed in terms of physicalor "real" addresses. An address is specified by a 32-bit pointercontaining two components: (1) a segment selector comprising a 16-bitquantity which specifies the starting address of a segment; and (2) aneffective address offset that determines the displacement, in bytes, ofa particular location within a segment. These two values are commonlyreferred to in a (segment:offset) format. The segment selector andoffset are combined as illustrated in FIG. 1 to produce a 20-bitphysical address. The base address of the segment is determined byinterpreting the 16-bit segment selector value as a 20-bit value havingzeros in the four least significant bits. The 16-bit offset value isthen added to this 20-bit segment base to produce a 20-bit valuedesignating the physical address. (Because the 80286 in real mode isemulating the 8086, each 16-bit physical value designating a segmentaddress is actually stored in a 24-bit register, with the four mostsignificant bits set at 0 and effectively transparent to the user inreal mode. This characteristic of real mode address is important inpreferred embodiments utilizing internal diagnostics to handle devicedrivers, as discussed below.)

In the protected mode, a 32-bit pointer is also used to specify memoryaddresses. A memory management scheme interposes a mapping operationbetween the logical address as specified by the 32-bit pointer and theactual physical address specified by that pointer, making the logicaladdresses independent of physical memory. Mapping is accomplished by useof a number of memory resident descriptor tables that govern theinterpretation of virtual addresses. Thus, the segment selectorcomponent of a 32-bit virtual address specifies a particular locationwithin a descriptor table rather than a location in the physical memory.Descriptor tables are made up of 8-byte entries called "descriptors." Anindex field within the segment selector points to a segment descriptorwithin a descriptor table. The segment descriptor includes a 24-bitvalue which identifies a segment base location in the physical addressspace of the microprocessor.

The format of a protected mode segment selector is illustrated in FIG.2. The two least significant bits of the segment selector are permissionbits used in the protection scheme of the 80286. Bit 2 of the segmentselector is a table indicator bit which defines whether the physicalmemory location will be selected from a Global Descriptor Table (GDT),or a Local Descriptor Table (LDT). When the table indicator bit is setat zero, the Global Descriptor Table is selected. The GDT contains basememory locations for global address space, which is used for system-wideprocedures and data, including the operating system. When the tableindicator bit is set at 1, the segment selector selects a LocalDescriptor Table (LDT), which selects local address space that isseparately masked for each task.

FIG. 3 illustrates schematically the manner in which the 32-bit virtualaddress is used to define a location in the physical memory of themicroprocessor. The table indicator bit of the segment selector dictateswhether the GDT or the current LDT will be used and the correspondingGDTR or LDTR provides the base address for the appropriate table. Theindex field of the segment selector, comprising the thirteen mostsignificant bits, is then used to select the appropriate segmentdescriptor from the table. The processor multiplies the index value byeight (as there are eight bytes per descriptor) in order to access theappropriate segment descriptor.

As illustrated in FIG. 4, the contents of the segment descriptor includea 24-bit value which designates the base address of the target segment(the segment in the physical memory where the address is located). The16-bit offset value from the 32-bit virtual address is then added tothis segment base address to produce the physical memory address.

In the method of the present invention, all or most of the operatingsystem is stored in real memory such that the addresses of the entrypoints for the operating system routines can be designated by a common(segment: offset) value in both real and protected mode. FIG. 5illustrates the format for a protected mode segment selector componentdesignating global address space. It is preferred that the operatingsystem segments be located in the address space such that segmentselectors are coded in formats which will select the global descriptortable, i.e., where bit 2 of the segment selector is 0. Use of the LDT ispossible but is not preferred due to the extra overhead of manipulatingLDTs. In the example illustrated in FIG. 5, the two least significantbits have been set at 0. It is preferred that these bits be set at 0,indicating a privilege level of 0. Although the method of the presentinvention could be used with the two least significant bits of thesegment selector set at non-zero values, such values are less preferredbecause of their resultant effect on the 80286 protection scheme whenoperating in protected mode.

FIG. 6 illustrates how a segment selector of the format illustrated inFIG. 5 will be interpreted in real mode. A 20-bit segment base defininga base address in real memory includes the segment index value in bits7-19 and 0's in the seven least significant bits.

Thus, to obtain the same base address in real memory using either realmode addressing or protected mode addressing, it is necessary to store avalue equivalent to the real-mode 20-bit segment base value in the24-bit base value of the appropriate segment descriptor in the GlobalDescriptor Table.

An example of this method of selecting memory locations which can bemade accessible in both real mode and protected mode is illustrated inFIG. 7. First, a real mode segment selector in a format compatible withthe protected mode is selected. In the example shown, the binary value11000 is selected. For the purposes of this example, an offset value of0 is used. In real mode, the segment selector will be converted to a20-bit base selector having a binary value of 110000000, or 180 HEX. Theoffset value of 0 will be added to this segment base to produce a realmemory address of 180 HEX.

In protected mode, the segment selector value of 11000 will designatethe two least significant bits as 0, the table bit as 0, and the indexvalue as 011. This index value will select the descriptor correspondingto the value 011 in the GDT. Using the method of the present invention,the 24-bit base value contained within that descriptor will be set at0110000000, the same value obtained for the segment base in the realmode. In protected mode, this 24-bit base value will then be added tothe offset to obtain the memory address 180 HEX in real memory. Asillustrated in FIG. 7, a subroutine of the operating system, forexample, is stored with its entry point address at 180 HEX and can beaddressed in either mode.

By selecting (segment:offset) values using the method described aboveand storing commonly addressable subroutines with the correspondingentry point addresses, the operating system, device drivers, andinterrupt service routines can be stored using the same technique sothat they can be entered in either mode.

An additional consideration for device drivers is high memoryaddressability. A protected mode program may request I/O to an addressabove one megabyte. Before the requested I/O operation actually takesplace, the processor may be switched to real mode. If the device driverroutine is running in real mode at the time the request is to beserviced, it will be unable to address the I/O location. To eliminatethis problem, operating systems used as part of the present inventionpreferably include a subroutine which will examine the address of theI/O locations and produce a (segment:offset) pair which will address thedesired memory location in the current execution mode. If the system isin the protected mode, this is straight-forward programming of the GDTor LDT. For real mode addresses below 1 megabyte, programming issimilarly straightforward. For real mode addresses above 1 megabyte,however, a special technique is preferably used. Because the 80286 isemulating the 8086 and its 20-bit physical memory address format, it ispossible to use internal diagnostic instructions to create a 24-bitphysical address in real mode. Such instructions enable the operatingsystem to insert values into four high order bits which are normally setat 0 and transparent to system programs in real mode. Informationregarding the use and operation of such instructions is typicallyavailable from the manufacturer of the microprocessor. For example,Intel Corporation provides such information relating to the 80286. Oncea 24-bit segment value is created using this method, a device driver canaddress memory above 1 megabyte in real mode. As an alternative toforced memory addressing above 1 megabyte in real mode, it is possibleto create a buffer in memory locations below 1 megabyte to temporarilystore the data until the system switches to protected mode. When thesystem switches to protected mode, the contents of the buffer can betransferred to addresses above 1 megabyte.

Compatibility Problems 1. Megabyte Wrap

Preferred methods in accordance with the present invention preferablyinclude steps designed to eliminate compatibility problems betweenexisting MS-DOS programs written for the 8086 and the 80286 operating inreal mode. Such problems arise from the fact that the 80286, in realmode, does not emulate the 8086-8088 chip family completely accurately.One such compatibility problem is known as the "1 megabyte wrap"problem. Because the 8086 cannot address memory above 1 megabyte,attempts to address memory locations above 1 megabyte resulted in anyvalues that would be stored in bits above bit-19 being ignored.Consequently, an attempt to address location 11111111111111111111+010would cause the address to be "wrapped" around to low memory location01. Some programs written for the 8086 rely on this feature to runproperly. Unfortunately, memory locations extend above 1 megabyte in thereal mode of the 80286 and are not wrapped to low memory locations.Consequently, programs including those written in MicroSoft PASCAL andprograms which use the "Call 5" feature of MS-DOS will fail on thestandard 80286 system. Operating systems designed in accordance with thepresent invention preferably provide two alternate solutions to thisproblem.

For systems which may be configured with memory above 1 megabyte, anauxiliary hardware element is preferably provided to disable the effectof address line A20. Address line A20 activates the carry bit incalculations, and its disablement will thus cause wrapping to occur.This hardware can be activate and deactivated under software command.The operating system will activate this hardware, as necessary, beforeit executes real mode programs. In some computers, such as the IBMPC/AT, disabling the A20 line is a relatively slow step which preferablyis done once when the system is initially booted up. It is not necessaryto reprogram the A20 hardware during mode switching for this case.

For systems with memory extending beyond 1 megabyte, the problem ispreferably solved by placing special instructions at the lower memorylocations above 1 megabyte which will point to the desired low memorylocation. For example, no PASCAL programs are loaded into memory below64K, and a special instruction is placed in the lower memory locationsabove 1 megabyte--for example, address 100000h or 100010h. A "Call 5"instruction, for example, in a task's PDB is then modified to jump tohigh-memory address, which in turn transfers control to the DOS. A20 cannow be always left activated, regardless of the mode of the programbeing run.

2. Interrupts a. Real Mode Programs with Interrupt Handler Routines

Some existing real mode programs make use of hardware interrupts bystoring the address of their own interrupt handler routine in theinterrupt vector table. This means that the interrupt handler routinesin these programs may be called by the interrupt vector when the 80286is in the protected mode. Disk-operating systems (DOS) in accordancewith the present invention preferably handle these situations by causingthe interrupt vector to point to a special DOS code that causes the80286 to switch to real mode, and then transferring control to theproper address in the real mode program. An additional return address isplaced on the stack so that when interrupt servicing is complete, theprogram returns control to the DOS, which mode switches to protectedmode, and then returns to the interrupted code.

There are two techniques which may be used to perform this interruptinterception. The first is to place this special code in the DOS"setvector" command handler. Some programs use this DOS function tochange the contents of the interrupt vectors.

The second technique relates to programs which write directly into theinterrupt vectors. Before dispatching a real mode program, the DOSrecords the status of the interrupt vectors. When the 80286 is about tobe reassigned, the DOS reexamines the vectors and looks for any changes.Any detected changes represent vector edits and are handled by editingthe interrupt vector to point to special DOS code as described above.

b. Alternate Preferred Embodiments for Hooking Programs

Many applications "hook" interrupt vectors by reading and saving theprevious contents. When they receive control from the interrupt vector,they may "pass it on" by jumping to the previous address value. Thistechnique works well so long as none of the programs involved everterminate. If one of the programs in such an interrupt chain were toterminate, the program upstream of it would continue to transfer controlat interrupt time to the memory address that used to designate theterminated program, thereby causing system failure. This phenomenon isillustrated in FIGS. 8 through 12.

FIG. 8 illustrates how an existing operating system DOS services aninterrupt when no applications programs have an interest in theinterrupt. In this case, the DOS has put the address (0120) of the entrypoint of its interrupt handler routine into the interrupt vector table.When the interrupt corresponding to the location in the interrupt vectortable illustrated in FIG. 8 occurs, the 80286 will transfer control tothe DOS's corresponding interrupt handler routine. When the interrupthandler routine is finished with its work, it executes an "InterruptReturn (IRET)" instruction which causes the 80286 to return to theprevious execution stream.

FIG. 9 illustrates how a single application (Application 1) typicallyintercepts hardware interrupts in an existing DOS environment. The DOShas installed the address of its interrupt handler routine (0120) in theinterrupt vector table, as illustrated in FIG. 8 and discussed above.Application 1 reads the current contents of the interrupt vector (0120)and saves that value in some memory location within its address space.It then installs the address of its own interrupt handler routine (1050)in the hardware vector table.

When an interrupt occurs, the 80286 will transfer control to theapplication's interrupt handler routine instead of the DOS interrupthandler routine. The application then typically examines the cause ofthe interrupt and decides either to process the interrupt itself andissue an IRET instruction to return control to the previous executionstream, or transfer control to the DOS interrupt handler (whose addressit has saved). In the former case, the DOS interrupt handler is neverexecuted.

FIG. 10 illustrates what happens when a second application (Application2) is added to the scenario illustrated in FIG. 9 and describe above.Application 2 has read the hardware interrupt vector table and saved theaddress of Application 1's interrupt handler routine (1050) in itsaddress space. It has then installed the address of its own handlerroutine (2080) in the vector table.

In this scenario, when an interrupt occurs, Application 2's interrupthandler routine is entered first. It may either process the interrupt orpass control to the interrupt handler routine of Application 1. Ifcontrol goes to Application 1's interrupt handler routine, it may eitherprocess the interrupt or pass control to the DOS interrupt handlerroutine.

Note the priority scheme developed by this chain. The last applicationentering the system has right of first refusal on the interrupt and theDOS is the handler of last resort, handling the interrupt only if noapplications want it. This technique is commonly used to allowapplications to filter keystrokes from a terminal and recognize certainspecial "control" keycodes while passing unrecognized codes down to thenext handler in the chain.

Programs which use these techniques of chaining interrupt vectorstypically restore the address of the handler they replaced when theyexit. FIG. 11 illustrates Application 2 terminating, and before doingso, it has restored the value in the interrupt vector table to that toApplication 1's handler routine (1050).

FIG. 12 illustrates the effect of Application 1 terminating beforeApplication 2. Application 1 will restore the address of the handler itsaved, i.e., that of the DOS's handler. As soon as this happens,Application 2 (which is still running) is incorrectly cut out of thechain.

This incorrect behavior is a direct result of the fact that amulti-tasking system is running applications designed for asingle-tasking system. Such applications assume that there can only beone program in the system (themselves) which can terminate. Thisassumption is false in a multi-tasking system.

Note that there is an even more serious scenario not illustrated.Following the description above, if Application 2 now terminates, itwill restore the interrupt vector table to the value it saved, i.e.,1050. This value designates the former address of the interrupt handlerroutine of Application 1, which is no longer at such former address. Theexistence of a vector in the hardware vector table which points to arandom place in memory will typically cause the system to crash beforemuch time elapses.

Preferred embodiments of the present invention preferably include anovel interrupt handling method which solves the problems describedabove. Each hardware interrupt vector used by the DOS is set up by theDOS to point to a special routine in the DOS called the "dispatcher."The dispatcher maintains a client list of all the interrupt handlerroutines interested in each interrupt and transfers control to suchhandlers at appropriate times.

In the preferred embodiment of the interrupt handling method that isillustrated in FIG. 13, each interrupt vector is set to point at acorresponding entry point in the dispatcher routine. FIG. 13illustrates, for example, that interrupt vector number 8 has been set topoint to address 190 in the dispatcher. The dispatcher maintains aclient list corresponding to each interrupt vector. Initially, theclient list contains just one entry: the address of the default handlerin the DOS (0120 in FIG. 13).

The dispatcher monitors the contents of the hardware interrupt vector todetermine when an application program has replaced the contents of thehardware interrupt vector with the address of its own interrupt handlerroutine. The contents of an interrupt vector are checked each time thatinterrupt occurs and each time that control is transferred to the DOS.When a change is detected, the DOS will read the new contents of theinterrupt vector into the top of its client list and reset the interruptvector to point to the dispatcher. For example, when Application 1(illustrated in FIG. 13) begins execution, it saves the address from theinterrupt vector (190) and places its own interrupt handler routineaddress (1050) in the interrupt vector. At the next dispatch orinterrupt for this vector, the DOS will notice that the application hasmodified the hardware interrupt vector. It will reset the hardwareinterrupt vector to 190 to point to the dispatcher and will add theaddress of Application 1's handler (1050) to the dispatcher list forthis interrupt vector.

When Application 2 begins, the same procedure occurs. The interruptvector is restored to point to the dispatcher, and the dispatcher'sclient list now contains three addresses: 0120 (the address of the DOSinterrupt handler routine); 1050 (the address of the interrupt handlerroutine for Application 1); and 2080 (the address for the interrupthandler routine for Application 2).

When an interrupt occurs, the dispatcher calls each interrupt handlerroutine in reverse order (i.e., Application 2, Application 1, and DOS)until one of them issues an IRET instruction, indicating it hasprocessed the interrupt. The processing of an interrupt using the methodof FIG. 13 is illustrated in the flow chart of FIG. 16. When control istransferred to entry point 0190, a check is made of an initial flagwithin the dispatcher. If the initial flag is not set, the dispatcherwill set the initial flag, set a client pointer, place the address of asecond entry point of the dispatcher on the stack, and transfer controlto the first address on the client list for the interrupt beingserviced. In the environment illustrated in FIG. 13, control would betransferred to address 2080, the address of Application 2's interrupthandler routine. Application 2 will either process the interrupt andissue an IRET, or return control to address 0190, which it previouslysaved. If control returns to address 0190, the dispatcher will check theinitial flag. Because the initial flag is now set, the dispatcher willincrement the client pointer and transfer control to the second addresson the client list. In the environment illustrated in FIG. 13, controlwill be transferred to address 1050, the address of Application 1'sinterrupt handler routine. Application 1 will either service theinterrupt and return control to address 0190, or issue an IRET. Asillustrated in FIG. 16, when an interrupt handler issues an IRET,control will be transferred to the second entry point in the dispatcherbecause that address was previously placed on top of the stack. Thedispatcher will then clear the initial flag and issue another IRET tothe system, causing control to return to the interrupted executionstream.

Using the method of the present invention and as illustrated in FIG. 14,when any application terminates and sets the interrupt vector back towhat it thinks is the address of the previous interrupt handler routine,the DOS will detect its departure from the system and and remove theaddress of the terminating application's interrupt handler from thedispatcher's client list.

Alternate embodiments of the interrupt handling routine of the presentinvention are also possible. In the preferred embodiment illustrated inFIG. 17, the interrupt vectors have been moved to an alternate locationwithin the Interrupt Descriptor Table of the 80286. For example, thehardware interrupt formerly handled by interrupt vector 8 is now handledby interrupt vector 108. Vector 108 is set to point to a first entrypoint within the dispatcher. Application programs written to preempt thevalue of interrupt vector 8 will continue to read the addresses of theirinterrupt handlers into interrupt vector 8, although the DOS willactually process the interrupt that the application is attempting todivert using interrupt vector 108. The value of the original interruptvectors, such as interrupt vector 8, are set to point to a second entrypoint in the dispatcher. Thus, when an application program enters thesystem and attempts to edit an interrupt vector, it will place theaddress of its interrupt handler routine in the original interruptvector and save the address of the second entry point in the dispatcher.As in the previous embodiment, the dispatcher will check for edits ofthe interrupt vectors when control is transferred to the DOS and when aninterrupt is received. When an edit is detected, the address of theapplication programs interrupt handler routine is placed on the clientlist and the interrupt vector is reset to point to the second entrypoint in the dispatcher.

When a hardware interrupt is received, it is directed to the newinterrupt vector, such as interrupt vector 108, and control is switchedto the first entry point in the dispatcher. The dispatcher will now knowautomatically that a true hardware interrupt has occurred. No initialflag is needed in this embodiment. The dispatcher will then initializeits client pointer and transfer control to the first client on theclient list for the interrupt being serviced. If the interrupt handlerroutine for the first client does not service the interrupt, it willreturn control to a second entry point, causing the dispatcher toincrement the client pointer and go to the next client. An IRETinstruction issued by any client will return control to the previousexecution stream.

3. Alternate Preferred Embodiments

Some machines incorporating the 80286, such as the IBM PC/AT andmachines similar to it, are widely used but contain some elements ofhardware design which slow mode switching or reduce the amount of memoryavailable to real mode programs. Alternate embodiments of the presentinvention provide techniques which can be used to improve performance ofsuch machines.

For example, improved performance can be obtained by combining the modeswitching techniques of the present invention with certain techniquesrelating to the location of the operating system in memory, asillustrated in FIG. 14. All 80286 machines are limited to one megabyteof RAM for real mode programs, and most, in fact, limit the amount ofRAM usable by programs to 640K. In alternate embodiments of the presentinvention, the amount of low 640K memory available to real mode programsis maximized by placing up to 64K of the DOS into memory at location 1megabyte. This part of the DOS can be accessed/executed in both real andprotected modes and frees an identical amount of space below 1 megabyteor 640K for use by programs. Further, some elements of the DOS which arecomparatively large and infrequently used or relatively slow can beplaced in the memory above 1 megabyte and used only in protected mode.For example, file open routines, file rename routines, create directoryroutines, and delete directory routines can be stored above 1 megabytewithout significant loss of performance. Should a real mode programrequest one of the functions, the DOS will mode switch in the protectedmode, perform the requested operation, and switch back before returningto the program.

4. Auxiliary Protection Hardware

The ability to run programs in protected mode greatly contributes tosystem protection and security. The user/operator of the system can typea command which instructs the DOS to refuse to execute real modeprograms and thus provides a fully secure environment. Alternatepreferred embodiments of the present invention may provide hardwareelements that allow real mode programs to run while still maintainingsystem protection.

The first such device is referred to herein as "I/O masking hardware."Hardware can be provided which checks each I/O operation attempted bythe 80286 against a list of valid I/O addresses. Although the DOS canprogram a single list to be used, it is preferred that a plurality oflists be maintained by the hardware so that the DOS need only designatean appropriate list to be used at a given time, thereby eliminating theneed to determine valid I/O addresses. If the operation is thuspermitted, it proceeds. Otherwise, the hardware prevents or disables theoperation. The list of valid addresses is usually stored in a RAM devicewhich is programmed by the 80286.

This hardware also allows the DOS to run protected mode programs whileallowing them access to "safe" I/O ports (such as private device or thedisplay card's program registers) yet while preventing them access toother I/O ports.

The second type of hardware which may be provided is memory protectionhardware. Hardware can be provided which checks each memory operationattempted by the 80286. The DOS makes use of this hardware when runningprograms in real mode by programming into it the authorized read-onlyand write-only address ranges for the program. An attempt to accessmemory outside this location will be flagged by an NMI event and(perhaps) prevented. A typical design for this hardware is small RAMcontaining permission bits or fields. The high order bits of the accessRAM are used to select a bit or field from the high-speed look-up RAM.The states of the bit(s) indicate the legality of the operation. ThisRAM is programmed by the DOS.

80287 Mode Switching

The hardware requirements to support an 80287 or other multi-modeco-processor are straightforward. Like the 80286, the 80287 has twooperational modes, "real" and "protected." It has a software instructionto quickly switch from real to protected mode. There is no correspondinginstruction to go from protected to real mode. Thus a hardware mechanismmust be provided to allow the simple latch addressed through one of the80286 ports. Ideally, mode switching of the 80287 should be independentof the 80286 to allow certain optimum uses, as described below.

A simple software implementation is to always switch the 80287 alongwith the 80286 so that both processors are always in the same mode, realor protected. However, mode switching the 80287 requires that the stateof the 80287 and other task specific data be saved. Because allapplications do not necessarily use the 80287 co-processor, switchingthe 80287 with each switch of the 80286 would unnecessarily slow theswitching process. Therefore, preferred embodiments of the presentinvention used with an 80287 preferably set the 80286 as if no 80287were present in the system, and do not mode switch the 80287 along withthe 80286. When an application program attempts to use the 80287, itwill initially be unsuccessful. After such an attempt, however, the80286 is reset to allow access to the 80287. The mode of the 80287 ischecked and compared to the mode of the program requesting the 80287,and the 80287 is switched, if necessary. The program is then restarted.When execution of the program requiring the 80287 terminates, the 80286is reset to indicate that no 80287 is present.

Although the methods and systems of the present invention have beendisclosed and described herein primarily with respect to preferredembodiments designed to be used with the 80286 microprocessor andcomputer systems employing that microprocessor, it is not intended thatthe present invention be limited to such embodiments. Rather, thepresent invention is intended to include all legally equivalentembodiments, including those designed for use with microprocessorshaving architecture similar to the 80286 or presenting problemsanalogous to those solved by the embodiments disclosed herein.

I claim:
 1. A method for accessing a segment in a multi-mode computerhaving segmented addressing, the computer having a memory, the computerhaving a segment selector to select the segment, the segment having abase address, the computer having a first mode wherein the base addressof the segment is addressed by the segment selector and a second modewherein the base address of the segment is addressed indirectly by thesegment selector which points to a memory location within a mappingsystem where the base address of the segment is stored, the methodallowing the segment to be accessed by the same segment selector valuein both the first and second modes, the method comprising the stepsof:(a) selecting an address that is a multiple of 16 to be the baseaddress of the segment; (b) when the computer is in either the firstmode or the second mode,(1) setting the segment selector to a value sothat the segment selector addresses the base address of the segment whenthe computer is in the first mode; (2) storing at a selected memorylocation within the mapping system the base address of the segment, thememory location being selected so that it is pointed to by the segmentselector as set in step (1) when the computer is in the second mode; and(3) loading the segment into the memory at the base address; and (c)accessing the segment in both the first and second modes using thesegment selector.
 2. The method of claim 1 wherein the segment containsprogram routines.
 3. The method of claim 1 wherein the segment containsoperating system routines.
 4. The method of claim 1 wherein the baseaddress in step (a) is set to a value that is greater than or equal to128.
 5. The method of claim 4 wherein the segment contains programroutines.
 6. The method of claim 4 wherein the segment containsoperating system routines.
 7. The method of claim 1 wherein the baseaddress in step (a) is set to a value that is a multiple of
 128. 8. Themethod of claim 7 wherein the segment contains program routines.
 9. Themethod of claim 7 wherein the segment contains operating systemroutines.
 10. A method for accessing a segment in a computer, thecomputer having a memory and the computer based on an Intel 80286 orcompatible microprocessor, the microprocessor having segmentedaddressing and a segment selector to select the segment, the segmenthaving a base address, the microprocessor having a real mode wherein thebase address of the segment is addressed by the segment selector and aprotected mode wherein the base address of the segment is addressedindirectly by the segment selector which points to a memory locationwithin a descriptor table where the base address of the segment isstored, the method allowing the segment to be accessed by the samesegment selector value in both the real and protected modes, the methodcomprising the steps of:(a) selecting an address that is a multiple of16 to be the base address of the segment; (b) when the computer is ineither the real mode or the protected mode,(1) setting the segmentselector to a value so that the segment selector addresses the baseaddress of the segment when the computer is in the real mode; (2)storing at a selected memory location within the descriptor table thebase address of the segment, the memory location being selected so thatit is pointed to by the segment selector as set in step (1) when thecomputer is in the protected mode; and (3) loading the segment into thememory at the base address; and (c) accessing the segment in both thereal and protected modes using the segment selector.
 11. The method ofclaim 10 wherein the segment contains program routines.
 12. The methodof claim 10 wherein the segment contains operating system routines. 13.The method of claim 10 wherein the descriptor table is the localdescriptor table.
 14. The method of claim 13 wherein the segmentcontains program routines.
 15. The method of claim 13 wherein thesegment contains operating system routines.
 16. The method of claim 10wherein the descriptor table is a global descriptor table.
 17. Themethod of claim 16 wherein the base address in step (a) is set to avalue that is a multiple of
 128. 18. The method of claim 17 wherein thesegment contains program routines.
 19. The method of claim 17 whereinthe segment contains operating system routines.
 20. The method of claim16 wherein the segment contains program routines.
 21. The method ofclaim 16 wherein the segment contains operating system routines.